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CLAIMS 



2 LA method comprising: 

3 providing a data processing operation involving at least one lookup table, each particular 

4 table from said at least one lookup table having a particular lookup table size and a particular 

5 lookup table index size; and 

6 creating at least one randomized table in which entries and/or indices are statistically 

7 independent from entries and/or indices of said at least one lookup table, each individual table 

8 from said at least one randomized table having a randomized table size, wherein a first sum of 
9H sizes of all said randomized tables is smaller than a second sum of sizes of all lookup tables, or 

lCfS the maximum index size of said randomized tables is less than the maximum index size of the 

1 ]£ lookup tables. 

liJf 2. A method as recited in claim 1, further comprising performing said data processing operation 

\y employing said at least one randomized table. 

i|5 

li y 3. A method as recited in claim 1, wherein the step of providing includes obtaining said data 

1 (p processing operation. 

17 4. A method as recited in claim 1 , wherein the step of creating said at least one randomized table 

1 8 includes applying a Table Split operation to at least one of said lookup tables resulting in split 

19 lookup tables; and/or applying a Table Masking operation to at least one of said lookup tables 

20 and/or split lookup tables resulting in masked tables. 

21 5. A method as recited in claim 1 , wherein the step of creating said at least one randomized table 

22 includes applying a Table Masking operation to at least one of said lookup tables and/or to split 

23 lookup tables resulting in masked tables. 
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1 6. A method as recited in claim 5, wherein the step of creating said at least one randomized table 

2 includes the step of applying a Table Aggregate operation to at least one of said masked tables. 

3 7. A method as recited in claim 4, wherein the step of applying a Table Split operation includes 

4 employing a Two-way Byte Table Splitting Method. 

5 8. A method as recited in claim 5, wherein the step of applying a Table Mask operation includes 

6 employing a Input-Output Permutation Masking Method. 

7 9. A method as recited in claim 6, wherein the step of applying a Table Aggregate operation 

8 includes employing an Entry- wise Algebraic Aggregate Method. 

9/Jf 10. A method as recited in claim 1, wherein said at least one table is a table from a COMP128 

10*;; application. 

1 1 1 . A method as recited in claim 1 , wherein a number of elements in said at least one lookup 

1 21 table is given by a power of two. 

13jr: 12. A method as recited in claim 1, further comprising: 

ir™'™ 

14 employing said at least one randomized table in a cryptographic process; 

1 5 applying said at least one randomized table for securely handling information in said 

1 6 cryptographic process . 

17 13. A method as recited in claim 12, further comprising: 

1 8 prior to performing said cryptographic process, transforming the information by applying 

1 9 a secret-sharing operation to the elements of the information where each element of the 

20 information is related to multiple elements of the transformed information; 
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1 performing the cryptographic process on the transformed information involving the use of 

2 said randomized table; and 

3 retransforming the transformed and cryptographically processed information by applying 

4 an inverse secret-sharing operation to the transformed and cryptographically processed 

5 information. 

6 14. A method as recited in claim 5, wherein indices to at least one masked table of said plurality 

7 of masked tables are masked by a single permutation and data values in said at least one masked 

8 table are masked by a single permutation. 

9^0 15. A method as recited in claim 1, further comprising employing the data processing operation 

104" as a countermeasure against at least one first-order side-channel attack. 

1 l2f 1 6. A method as recited in claim 5, wherein the step of applying Table Mask operation includes 

12- employing permutations for index and/or data values formed by composing several individual 

13f3 permutations. 

143 1 7. A method as recited in claim 5, wherein the step of applying the Table Mask operation 

15 r includes employing several individual permutations to defeat at least one higher-order 

16 side-channel attack. 

17 1 8. A method as recited in claim 1 , wherein said at least one table is a table from an application 

1 8 of General Countermeasure Against Side-channel Attacks. 

19 19. A method comprising: 

20 providing a lookup table for a data processing operation; 
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1 performing a table split operation upon said lookup table in forming a collection of split 

2 tables; 

3 performing a table mask operation upon said collection of split tables and/or upon other 

4 lookup tables in forming a plurality of masked tables; 

5 performing a table aggregate operation on at least two of said plurality of masked tables 

6 in forming at least one aggregate table; and 

7 performing said data processing operation on a combination of split, masked, aggregate 

8 and lookup tables. 

9 20. A method comprising: 

l(kj providing a data processing operation involving at least one lookup table, each particular 

1 lSf table from said at least one lookup table having a particular lookup table size and a particular 

12* lookup table index size; 

12p: declaring any lookup table from said at least one lookup table to be splittable: 

if the table lookup size of said any lookup table is larger than an amount of RAM 

15 available, or 

16 if the table index size of said any lookup table is larger than available addressing 

17 capability; 

1 g performing a table split operation upon said any lookup table declared splittable in the 

19 step of declaring and forming a collection of split tables; 
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1 performing a table mask operation upon said collection of split tables and/or other of said 

2 lookup tables forming a plurality of masked tables; and 

3 performing said data processing operation on a combination of split, masked, aggregate 

4 and lookup tables. 

5 2 1 . A method as recited in claim 20, further comprising performing at least one table aggregate 

6 operation on at least two of said plurality of masked tables forming at least one aggregate table. 

7 22. A method as recited in claim 21 , wherein the step of performing said data processing 

8 operation includes performing a table aggregate operation whenever a total size of all masked 
9r% tables exceeds an amount of RAM available, 

1 (>P 23 . A method as recited in claim 2 1 , wherein the step of providing includes obtaining the data 

1 l ; y processing operation. 

12* 24. A method as recited in Claim 20, wherein the step of performing a table split operation 

1 3f J includes employing an Output Divisor Table Splitting Method. 

14D 25. A method as recited in Claim 20, wherein the step of performing a table mask operation 

1 5" includes employing an Input-Output XOR Permutation Masking Method. 

16 26. A method as recited in Claim 2 1 , wherein said table aggregate operation includes employing 

1 7 a Byte-wise XOR Aggregate Method. 

18 27 . A method as recited in claim 2 1 , further comprising performing said data processing 

19 operation on a combination of split, masked, aggregate and lookup tables. 

20 28. A method as recited in claim 20, further comprising employing the data processing 

2 1 operation as a countermeasure against at least one side channel attack. 
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1 29. A method as recited in claim 1, wherein a number of elements in said at least one lookup 

2 table is 200. 

3 30. An article of manufacture comprising a computer usable medium having computer readable 

4 program code means embodied therein for causing resistance to side-channel attacks, the 

5 computer readable program code means in said article of manufacture comprising computer 

6 readable program code means for causing a computer to effect the steps of claim 1 . 

7 3 1 . An article of manufacture comprising a computer usable medium having computer readable 

8 program code means embodied therein for causing resistance to side-channel attacks, the 
9o computer readable program code means in said article of manufacture comprising computer 

1 O^f readable program code means for causing a computer to effect the steps of claim 1 9. 

1 Kj 32. An apparatus comprising: 

1 2- means for declaring any lookup table from a provided set of lookup table to be splittable 

1 £5 if the table lookup size of said any lookup table is larger than an amount of RAM available, or if 

1 4^ the table index size of said any lookup table is larger than available addressing capability, each 

1 53 particular table from said set of lookup tables having a particular lookup table size and a 

16 particular lookup table index size, said any lookup table; 

1 7 means for performing a table split operation upon said any lookup table declared 

1 8 splittable in the means for declaring and forming a collection of split tables; 

\ 9 means for performing a table mask operation upon said collection of split tables and/ or 

20 other of said lookup tables forming a plurality of masked tables; and 

2 1 means for performing said data processing operation upon a combination of split, 

22 masked, aggregate and lookup tables. 
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1 33. An apparatus as recited in claim 32, further comprising means for performing a table 

2 aggregate operation on at least two of said plurality of masked tables. 

3 34. An apparatus as recited in claim 33, wherein the means for performing a table aggregate 

4 operation performs the table aggregate operation when the total size of all masked tables exceeds 

5 the amount of RAM available. 

6 35. An apparatus as recited in claim 32, wherein the means for declaring obtains said any lookup 

7 tables from another module. 

8q 36.. A method comprising 

9-P providing a data processing operation involving a first lookup table in a cryptographic 

1 (Kj process, said lookup table having a first lookup table size; 

1 p creating a randomized table in which entries or indices are statistically independent of 

125 entries or indices of said first lookup table, said randomized table having a randomized table size 

1 being smaller than said first lookup table size; 

1 4 employing said randomized table for securely handling information in said cryptographic 

15 process; 

1 6 prior to performing the cryptographic process, transforming the information by applying a 

17 secret-sharing operation to the elements of the information where each element of the 

1 8 information is related to multiple elements of the transformed information; 

1 9 performing the cryptographic process on the transformed information involving the use of 

20 said randomized table; and 
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1 retransforming the transformed and cryptographically processed information by applying 

2 an inverse secret-sharing operation to the transformed and cryptographically processed 

3 information. 

4 37. A method as recited in claim 36, further comprising performing said data processing 

5 operation employing said randomized table. 

6 38. A method as recited in claim 36, wherein said cryptographic process is performed in a 

7 cryptographic information processing system or device. 

8 39. A chip card comprising a module implementing the steps of claim 1 . 

9't{ 40. A method as recited in claim 1, wherein said at least one lookup table is fixed. 

1 ONj 4 1 . An apparatus comprising: 

1 a randomizer module to create at least one randomized table in which entries and/or 

IM indices are statistically independent of entries and/or indices of any table from a provided set of 

1 3pf lookup tables, each individual table from said at least one randomized table having a randomized 

l4 J table size, wherein: 

1 5 a first sum of sizes of all said randomized tables is smaller than a second sum of 

1 6 sizes of all said at least one lookup tables, or 

1 7 the maximum index size of said randomized tables is less than the maximum 

18 index size of the lookup tables; and 

19 a processing module to perform said data processing operation employing said first 

20 randomized table. 
21 
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1 42. An apparatus as recited in claim 41 , wherein the randomizer module forms said provided set 

2 of lookup tables. 

3 43. An apparatus as recited in claim 41, wherein the randomizer module includes a splitting 

4 module to perform a Table Split operation upon at least a subset of said set of lookup tables 

5 resulting in split lookup tables. 

6 44. An apparatus as recited in claim 41 , wherein the randomizer module includes a masking 

7 module to perform a Table Masking operation upon at least a subset of said set of lookup tables 

8 and/or split lookup tables forming a set of masked tables. 

9n 45. An apparatus as recited in claim 43, wherein the randomizing module includes an 

10 if aggregating module to perform a Table Aggregate operation to at least one masked table. 

1 ly 46. An apparatus as recited in claim 43, wherein the splitting module includes an Unequal Table 

122 Splitter Module which applies the Unequal Table Split Method for performing a Table Split 

13 s Operation. 

14^ 47. An apparatus as recited in claim 44, wherein the masking module includes an Input-Output 

1 5D XOR Permutation Masking module which applies the Input-Output XOR Permutation Masking 

1 6 r Method for performing a Table Mask Operation. 

17 48. An apparatus as recited in claim 45, wherein the aggregating module includes an Byte-wise 

1 8 XOR Aggregating Module which applies the Byte-wise XOR Aggregating Method for 

1 9 performing a Table Aggregate Operation. 

20 49. A computer program product comprising a computer usable medium having computer 

2 1 readable program code means embodied therein for causing resistance to side-channel attacks, 

22 the computer readable program code means in said computer program product comprising 
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1 computer readable program code means for causing a computer to effect the functions of claim 

2 32. 

3 50. An apparatus comprising 
4 

5 a splitting module to perform a table split operation upon a provided set of lookup tables, 

6 forming a plurality of split tables; 

7 a masking module to perform a table mask operation upon said collection of split tables 

8 and/or other lookup tables forming at least one masked tables; 

9^ an aggregating module to perform a table aggregate operation on a subset of said plurality 

1 0;P of masked tables, forming at least one aggregate tables; and 

1 l[H a processing module to perform a data processing operation employing a combination of 

12* split, masked, aggregate and lookup tables. 

1 3^ 5 1 . An article of manufacture comprising a computer usable medium having computer readable 

1 43 program code means embodied therein for causing resistance to side-channel attacks, the 

1 5°°* computer readable program code means in said article of manufacture comprising computer 

1 6 readable program code means for causing a computer to effect the steps of claim 20. 

17 52 . An article of manufacture comprising a computer usable medium having computer readable 

1 8 program code means embodied therein for causing resistance to side-channel attacks, the 

1 9 computer readable program code means in said article of manufacture comprising computer 

20 readable program code means for causing a computer to effect the steps of claim 36. 
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1 53. A program storage device readable by machine, tangibly embodying a program of 

2 instructions executable by the machine to perform method steps for causing resistance to 

3 side-channel attacks, said method steps comprising the steps of claim 1 . 

4 54. A program storage device readable by machine, tangibly embodying a program of 

5 instructions executable by the machine to perform method steps for causing resistance to 

6 side-channel attacks, said method steps comprising the steps of claim 20. 

7 55. A program storage device readable by machine, tangibly embodying a program of 

8 instructions executable by the machine to perform method steps for causing resistance to 

9 side-channel attacks, said method steps comprising the steps of claim 36. 

10^2 56. A computer program product comprising a computer usable medium having computer 

1 145 readable program code means embodied therein for causing resistance to side-channel attacks, 

1 2m the computer readable program code means in said computer program product comprising 

1 3S computer readable program code means for causing a computer to effect the functions of claim 

14* 41. 

1 5fT 57. A computer program product comprising a computer usable medium having computer 

1 £3 readable program code means embodied therein for causing resistance to side-channel attacks, 

1 7~ the computer readable program code means in said computer program product comprising 

1 8 computer readable program code means for causing a computer to effect the functions of claim 

19 50. 
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